Details of VAR-202504-1580

ID

VAR-202504-1580

CVE

CVE-2025-2492

TITLE

ASUS AiCloud Improper Authentication Control Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-07884

DESCRIPTION

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. ‌AiCloud is a cloud service launched by ASUS, which aims to provide easy access to data in devices connected to the router, such as USB or PC, and provides functions such as uploading, downloading, online music playback, online document browsing, sharing links to Facebook, and setting Smart Sync cloud synchronization

Trust: 1.44

sources: NVD: CVE-2025-2492 // CNVD: CNVD-2025-07884

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-07884

AFFECTED PRODUCTS

vendor:	asus	model:	aicloud 3.0.0.4 382 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.4 386 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.4 388 series	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	aicloud 3.0.0.6 102 series	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-07884

CVSS

SEVERITY

CVSSV2

CVSSV3

54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-2492
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-07884
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-07884
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-07884 // NVD: CVE-2025-2492

PROBLEMTYPE DATA

problemtype:

CWE-288

Trust: 1.0

sources: NVD: CVE-2025-2492

PATCH

title:

Patch for ASUS AiCloud Improper Authentication Control Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/682236

Trust: 0.6

sources: CNVD: CNVD-2025-07884

EXTERNAL IDS

db:	NVD	id:	CVE-2025-2492	Trust: 1.6
db:	CNVD	id:	CNVD-2025-07884	Trust: 0.6

sources: CNVD: CNVD-2025-07884 // NVD: CVE-2025-2492

REFERENCES

url:

https://www.asus.com/content/asus-product-security-advisory/

Trust: 1.0

sources: NVD: CVE-2025-2492

SOURCES

db:	CNVD	id:	CNVD-2025-07884
db:	NVD	id:	CVE-2025-2492

LAST UPDATE DATE

2025-04-22T23:22:01.075000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-07884	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2025-2492	date:	2025-04-21T14:23:45.950

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-07884	date:	2025-04-21T00:00:00
db:	NVD	id:	CVE-2025-2492	date:	2025-04-18T09:15:13.823